Networking

Port Scanning

PowerShell Ping Sweep

1..20 | % {"192.168.1.$($_): $(Test-Connection -count 1 -comp 192.168.1.$($_) -quiet)"}

PowerShell Testing Ports

Test-NetConnection -ComputerName UFC-WEBPROD -Port 80

Port Forwarding

# listenaddress is the local IP of the machine acting as the proxy; connectaddress is the target
netsh interface portproxy add v4tov4 listenaddress=192.168.250.10 listenport=443 connectaddress=192.168.250.22 connectport=443

Firewalls

Listing Rules

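# Shows the firewall operational mode (legacy "netsh firewall" context, deprecated on current Windows in favor of "netsh advfirewall")
netsh firewall show opmode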

Disabling Firewall

netsh firewall set opmode mode=disable

Allowing Rule


Enabling PsRemoting (WinRM)


Enabling CredSSP


Hyper-V

Listing VMs

Get-VM

Get Info on Running VMs

# Show properties
Get-VM -Name vault-db | Format-List *

# Get IP
Get-VM -Name vault-db | Select-Object -ExpandProperty NetworkAdapters

Manage VMs

# Pass creds as object
$username = "<domain>\<username>"
$password = ConvertTo-SecureString "<password>" -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential -ArgumentList ($username, $password)

# Invoke a command on a VM using creds
Invoke-Command -VMName <vmname> -Credential $cred -ScriptBlock {whoami}

# Enter-PSSession
Enter-PSSession -VMName <vmname> -Credential $cred

Mounting VM Disk Image

# Stop VM
Stop-VM -Name vault-dc

# Mount the VM disk and list its partitions and volumes
Mount-VHD -Path 'C:\Users\Public\Documents\Hyper-V\Virtual hard disks\vault-dc.vhdx' -PassThru | Get-Disk | Get-Partition | Get-Volume

# Show drives
Get-PSDrive

SMB Null Session

enum4linux -n <IP>
enum4linux -a <IP>

# Connect with smbclient and list shares
smbclient -L WORKGROUP -I <IP> -N -U ""

# Connect to a share
smbclient \\\\<IP>\\<SHARE> -N

# Download a file (inside the smbclient session)
get <FILE>

# Upload a file (inside the smbclient session)
put <FILE>
Last modified 11mo ago